View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 8, 2018updated 09 Jan 2018 4:32pm

McAfee spots hacking campaign targeting 2018 Winter Olympics

Due to the significant tension between South and North Korea, in addition to political tensions with the NKDP and other nations globally, the event is highly sensitive and likely to face more cyberattacks.

By Tom Ball

Cybersecurity provider, McAfee, has discovered a malicious campaign targeting organisations associated with the 2018 Winter Olympic Games in Pyeongchang, South Korea.

Delivered as a Microsoft Word document in an email, the fileless malware attack was aimed at icehockey@pyeongchang2018.com, while a number of other organisations, predominantly associated with the upcoming Olympics, were included in the BBC of the email.

This is not the first sign of the malicious campaign, with other related actions having been noted on the 22nd of December 2017 and on the 28th. In these previous instances the attackers had loaded the malicious document with a hypertext application (HTA) file before using an image to hide it.

In this most recent case, the attackers acted under the guise of counter terrorism operatives, coinciding with actual anti-terror drills relating to the event.

Analysis from a McAfee report on the document said: “The malicious document was submitted from South Korea to Virus Total on December 29 at 09:04, a day after the original email was sent to the target list. The email was sent from the IP address 43.249.39.152, in Singapore, on December 28 at 23:34. The attacker spoofed the message to appear to be from info@nctc.go.kr, which is the National Counter-Terrorism Center (NCTC) in South Korea.”

Do your GDPR homework before spending money, says RSA’s Rashmi Knowles
UK locked and loaded for cyber warfare as GCHQ doubles weapons
Gemalto banks on biometrics with contactless fingerprint card

Peter Carlisle, VP EMEA, Thales eSecurity, said: “Global gatherings such as the Olympics that see world leaders, businesses and governmental organisations converge on one location are a naturally attractive target for digital criminal activity. Notably, it is becoming increasingly likely that multiple attempts will be made to obtain sensitive information like passwords.”

Content from our partners
The growing cybersecurity threats facing retailers
How to integrate security into IT operations
How Kodak evolved to tackle seismic changes in the print industry and embrace digital revolution

South Korea has previously been the target of cyberattacks thought to have originated in North Korea, and the event being viewed globally as a test of the relationship between the countries.

“Based on our analysis of the email header, this message did not come from NCTC, rather from the attacker’s IP address in Singapore. The message was sent from a Postfix email server and originated from the hostname ospf1-apac-sg.stickyadstv.com. When the user opens the document, text in Korean tells the victim to enable content to allow the document to be opened in their version of Word,” McAfee said in the report.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU